He told HuffPost that he had been told of schools that believed they could no longer alert staff to students’ “potentially life-threatening allergies” because of the General Data Protection Regulation, which came into force today.

“I think the information commissioner is going to have to start doing some myth busting about GDPR given the mythology that is growing around it and I think they need to do it quite quickly,” he said.

“Especially with some of this information going around at schools which is particularly worrying and potentially dangerous... I think they need to perhaps put out a few notices saying, ‘you can tell members of staff that a student has a potentially fatal allergy’.”

The panic over #gdpr has become a full-blown stampede. Just been contacted by a client whose gdpr compliance group has advised deleting every photo of any person on their website every two years. People need to calm down. Given barmy advice? Give me a call.

It seems that schools in particular have been given guidance that is at best wrong and at worst potentially life-threatening to pupils and @educationgovuk and @ICOnews need to issue some clear guidance as a matter of urgency...

Some of the guidance on #GDPR given to schools is said to include:
1. Destroy archive pics of ex pupils - Wrong
2. Pupils’ surnames can’t be given to newspapers - Wrong
3. Staff cannot share information on pupils’ life-threatening allergies and illnesses - Wrong, and dangerous

GDPR applies to all organisations that handle European Union citizens’ data and has caused widespread panic as it gives the Information Commissioner’s Office (ICO) powers to fine firms up to €20m (£17.5m) or 4% of global annual turnover for serious breaches.

It gives consumers new rights to request what data is held on them and to ask for it to be deleted and requires companies to get explicit consent to use personal information. According to the ICO it’s “intended to strengthen and unify data protection for all individuals within the European Union”.

Firms also have to meet higher standards for keeping data safe but they have been given two years to prepare for the change.

The law has led to torrents of emails being sent out asking people to renew their consent to receive marketing materials, and today a number of high-profile US news websites became temporarily unavailable in Europe.

On Thursday Banks highlighted the confusion around GDPR by directing his followers to a thread on Twitter.

Our county council's advice to schools has been to rethink having photos and details of children who have allergies/health problems and may need urgent medical attention pinned to notice-boards in the staff-room. FFS.

I work in finance. A GDPR consultant told me recently that I should consider removing all customer names and addresses from our invoices. I told the “consultant” to live in the real world, and I haven’t seen him since.

The Department of Education today declined to comment on any feedback they had received from schools around GDPR, but highlighted a number of educational materials - including blogs and videos - it had provided.

The National Education Union told HuffPost it was unaware of concerns amongst schools. The National Union of Teachers and the NASUWT are yet to reply to a request for comment.

A spokesperson from the Information Commissioner’s Office told HuffPost that it had already published a “whole series of myth busting blogs” about GDPR and reassured small organisations that there is “no need to panic”.

“It’s important that we all understand 25 May is the beginning of the journey and we want to reassure small organisations that there is no need to panic. Anyone who is unclear about what they should be doing should check our website or contact us directly.”

The statement continued: “The ICO’s commitment to guiding, advising and educating organisations about how to comply with the law will not change. The large fines will be reserved for those organisations that persistently, deliberately or negligently flout the regulations.”

Banks said a lot of the confusion around GDPR centred around the issue of consent, “which is why we’re all getting these emails” from companies asking for permission to keep sending correspondence.

He explained that if individuals, for instance, had previously agreed to receive a newsletter, even if it was “years ago”, companies did not need to ask them for consent to keep sending it because “I can unsubscribe at any time”.

“One of the exemptions to holding data is that you’ve got a legitimate interest in holding, just what data they need, to get me the newsletter.

“Organisations that might be in a little bit of a sticky situation... if you’d signed up to a newsletter and you’ve told them everything about yourself... your name, your hair colour, your gender.... now they might find themselves in a sticky situation because they’ve got a lot of data and it might be quite hard for them to justify holding quite so much.”

The Twitter thread was critical of the way the ICO had rolled out the law change, which Banks agreed with, saying there were too many “grey areas”.

I have to say the Information Commissioner has handled #GDPR appallingly. I went to a workshop delivered by one of its policy officers. Nothing against her - she was v good - but she admitted quite a lot was a grey area! Businesses can’t operate on that basis. They need clarity

However, he told HuffPost that “this often happens when you get complex new legislation coming in, people overreact and interpret it at the most extreme level, they always go to the worst case scenario”.

“Perhaps some simpler information should have been put out by the Information Commissioner’s Office,” Banks said.

“The guidance we got was quite lengthy and it would be good to see some digests coming out that kind of back that up and get some key messages out to give a bit of clarity to people.”